From f78d61d8b35e6438bace812a19e4dea423023793 Mon Sep 17 00:00:00 2001 From: dacook Date: Thu, 17 Dec 2009 08:59:33 -0700 Subject: [PATCH] GPG runtime Actual boot-time handling of PGP-armored keys --- defaults/initrd.scripts | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/defaults/initrd.scripts b/defaults/initrd.scripts index f14333a..ea53fba 100755 --- a/defaults/initrd.scripts +++ b/defaults/initrd.scripts @@ -742,6 +742,7 @@ openLUKS() { [ ! -e /sbin/cryptsetup ] && bad_msg "The ramdisk does not support LUKS" && exit 1 while [ 1 ] do + local gpg_cmd="" # if crypt_silent=1 and some error occurs, enter shell quietly if [ \( ${CRYPT_SILENT} -eq 1 \) -a \( \( \( ${DEV_ERROR} -eq 1 \) -o \( ${KEY_ERROR} -eq 1 \) \) -o \( ${KEYDEV_ERROR} -eq 1 \) \) ] then @@ -826,10 +827,17 @@ openLUKS() { fi # At this point a candidate key exists (either mounted before or not) good_msg "${LUKS_KEY} on device ${LUKS_KEYDEV} found" ${CRYPT_SILENT} - cryptsetup_options="-d ${mntkey}${LUKS_KEY}" + if [ $(echo ${LUKS_KEY} | grep -o '.gpg$') == ".gpg" ] && [ -e /sbin/gpg ] ; then + [ -e /dev/tty ] && mv /dev/tty /dev/tty.org + mknod /dev/tty c 5 1 + cryptsetup_options="-d -" + gpg_cmd="/sbin/gpg --logger-file /dev/null --quiet --decrypt ${mntkey}${LUKS_KEY} |" + else + cryptsetup_options="-d ${mntkey}${LUKS_KEY}" + fi fi # At this point, keyfile or not, we're ready! - crypt_filter "cryptsetup ${cryptsetup_options} luksOpen ${LUKS_DEVICE} ${LUKS_NAME}" + crypt_filter "${gpg_cmd}cryptsetup ${cryptsetup_options} luksOpen ${LUKS_DEVICE} ${LUKS_NAME}" if [ $? -eq 0 ] then good_msg "LUKS device ${LUKS_DEVICE} opened" ${CRYPT_SILENT} -- 2.26.2